
Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution by Attackers

By Admin
May 8, 2025


Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem, one carrying the maximum severity rating of 10.0, could allow attackers to hijack cameras, execute malicious code remotely, and maintain unauthorized access to video feeds.

The issues, disclosed on May 6, 2025, affect the UniFi Protect Cameras firmware and the UniFi Protect Application, exposing enterprise and home surveillance systems to exploitation.

Security researchers have urged immediate patching to mitigate the risks of network compromise and privacy breaches.


The most severe vulnerability, tracked as CVE-2025-23123, stems from a heap buffer overflow in the firmware of UniFi Protect Cameras (versions 4.75.43 and earlier).

Attackers with access to the management network can exploit this flaw to trigger remote code execution (RCE), gaining full control over affected devices.

The vulnerability’s CVSS v3.0 score of 10.0 reflects its criticality, with the attack vector classified as network-based (AV:N) and no user interaction or privileges required (PR:N/UI:N).

Heap buffer overflows occur when a program writes data beyond the allocated memory space, corrupting adjacent data structures.

In this case, malformed network packets sent to the camera’s management interface overflow the buffer, enabling attackers to overwrite critical memory addresses.

Successful exploitation could allow deployment of malware, manipulation of video feeds, or lateral movement across connected networks.

The flaw’s “high” impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) underscore its potential to disrupt physical security infrastructure.

Researcher Mathew Marcus, credited with discovering the vulnerability, emphasized that unpatched cameras in corporate or critical infrastructure environments could serve as entry points for ransomware attacks or espionage.

Ubiquiti has not disclosed whether active exploitation has been observed, but the absence of exploit complexity (AC:L) suggests low barriers for threat actors.

Misconfigured Livestream Sharing Tokens

A secondary vulnerability, CVE-2025-23164 (CVSS 4.4), affects the UniFi Protect Application (versions 5.3.41 and earlier).

The flaw resides in the “Share Livestream” feature, which generates time-limited access links for external users.

Due to a misconfigured token revocation mechanism, recipients of disabled links retain access to livestreams indefinitely.

While less severe than the RCE flaw, this oversight creates persistent privacy risks, particularly for organizations sharing sensitive footage.

The attack vector requires initial access to a legitimate livestream link (PR:H) and hinges on Ubiquiti’s failure to invalidate tokens upon link deactivation.

Though the complexity is high (AC:H), successful exploitation allows unauthorized parties to monitor video feeds covertly.

Researcher Mike S Schonert noted that threat actors could combine this flaw with social engineering tactics to harvest valid links, amplifying the risk of data leaks.

Unlike the network-wide implications of CVE-2025-23123, this vulnerability’s scope is limited to compromised livestreams (S:U).

However, industries like healthcare or education, where video feeds often contain sensitive personal data, face heightened exposure.

Ubiquiti’s advisory confirms that the flaw does not permit access to historical footage or other system components, mitigating its broader impact.
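The class of flaw described above, sketched as an added example (not Ubiquiti's code and not from the original article): a share-link validator that ignores the disabled state, next to one that re-checks revocation and expiry on every request. The `ShareLinkStore` class, its method names, and the camera names are hypothetical.

```python
import secrets
import time


class ShareLinkStore:
    """Hypothetical model of time-limited livestream share links."""

    def __init__(self):
        self._links = {}  # token -> {"camera", "expires_at", "enabled"}

    def create(self, camera, ttl_seconds, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._links[token] = {"camera": camera,
                              "expires_at": now + ttl_seconds,
                              "enabled": True}
        return token

    def disable(self, token):
        """Operator deactivates the link."""
        if token in self._links:
            self._links[token]["enabled"] = False

    def validate_flawed(self, token):
        # Flaw class described in the article: the token is recognised,
        # but the link's disabled state is never consulted.
        link = self._links.get(token)
        return link["camera"] if link else None

    def validate_hardened(self, token, now=None):
        # Every request re-checks both revocation state and expiry.
        now = time.time() if now is None else now
        link = self._links.get(token)
        if link is None or not link["enabled"] or now >= link["expires_at"]:
            return None
        return link["camera"]

    def audit_active(self, now=None):
        """Cameras still reachable through an enabled, unexpired link."""
        now = time.time() if now is None else now
        return sorted(link["camera"] for link in self._links.values()
                      if link["enabled"] and now < link["expires_at"])


def demo():
    store = ShareLinkStore()
    t0 = 1_000_000.0  # constructed clock value
    lobby = store.create("lobby-cam", ttl_seconds=3600, now=t0)
    store.create("dock-cam", ttl_seconds=60, now=t0)
    store.disable(lobby)
    return (store.validate_flawed(lobby),
            store.validate_hardened(lobby, now=t0 + 10),
            store.audit_active(now=t0 + 10),
            store.audit_active(now=t0 + 120))
```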

Mitigation and Vendor Response

Ubiquiti has released firmware updates to address both vulnerabilities. UniFi Protect Cameras must be upgraded to version 4.75.62 or later to resolve CVE-2025-23123, while the UniFi Protect Application requires version 5.3.45 or newer to fix CVE-2025-23164.

The patches, distributed via Ubiquiti’s auto-update mechanism, modify memory management routines in the camera firmware and introduce strict token expiration protocols in the Protect Application.

Organizations unable to apply immediate updates should segment surveillance networks from critical infrastructure, restrict management interface access, and audit active livestream links.
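A version audit built on the thresholds quoted above, added here as an example and not taken from Ubiquiti or the original article. The inventory entries are constructed, and versions that fall between the last affected and first fixed release named in the article are reported as "unconfirmed" rather than guessed.

```python
# Version thresholds come from the article; everything else is constructed.
ADVISORIES = {
    "camera": {"cve": "CVE-2025-23123",
               "affected_max": (4, 75, 43), "fixed_min": (4, 75, 62)},
    "application": {"cve": "CVE-2025-23164",
                    "affected_max": (5, 3, 41), "fixed_min": (5, 3, 45)},
}


def parse_version(text):
    """Turn 'v4.75.43' or '4.75.43' into a tuple that compares numerically."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(kind, version_text):
    adv = ADVISORIES[kind]
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    if version <= adv["affected_max"]:
        return "vulnerable"
    if version >= adv["fixed_min"]:
        return "patched"
    return "unconfirmed"  # between the two versions the article names


def audit(inventory):
    """Return (name, cve, status) for every asset not confirmed patched."""
    report = []
    for name, kind, version in inventory:
        status = classify(kind, version)
        if status != "patched":
            report.append((name, ADVISORIES[kind]["cve"], status))
    return report


# Constructed sample inventory: (asset name, kind, reported version).
INVENTORY = [
    ("lobby-cam", "camera", "4.75.43"),
    ("dock-cam", "camera", "4.75.62"),
    ("gate-cam", "camera", "4.75.50"),
    ("old-cam", "camera", "4.9.100"),   # string comparison would misorder this
    ("odd-cam", "camera", "4.75"),
    ("nvr-app", "application", "v5.3.41"),
    ("lab-app", "application", "5.4.0"),
]
```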

Ubiquiti has also recommended disabling the “Share Livestream” feature until patches are deployed, though this may hinder collaboration in security operations centers.

While no workarounds exist for the RCE vulnerability, its exploitation requires proximity to the management network.

Enterprises should implement zero-trust principles, requiring multi-factor authentication for network access and monitoring for anomalous traffic patterns.

The staggered disclosure timeline, with fixes released concurrently with advisories, highlights the coordinated effort between Ubiquiti and external researchers to minimize exposure windows.

As surveillance systems increasingly integrate with IoT ecosystems, these vulnerabilities underscore the importance of firmware hygiene.

With over 1.2 million UniFi Protect devices deployed globally, timely patching remains the best defense against weaponized exploits targeting physical and digital security infrastructures.
